This moment have algoritmicaly problem, not overflow:
strcat(wrapped, wrapped) - may be looped.
Hand patch:
- else if (strstr(strcat(wrapped, wrapped), newmono))
+ else {
+ safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+ if (strstr(wrapped, newmono))
+}
--w
vodz
The login process should always timeout if user don't login sucessfully within
reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a
bunch of simultaneous telnet connections (deploys all availible TTY's).
This patch make login.c terminate the connection after "TIMEOUT" seconds.
If BusyBox was compiled with -DCONFIG_FEATURE_CLEAN_UP dmesg command
segfaults if invoked with the "-n" option. (Due to a free() of an
uninitialized pointer).
this patch fixes run_parts when it's called by ifupdown. 1) argv has to be a
NULL terminated char* array, not just a string. 2) run_parts now explicitly
sets the environment. this environment is populated from the
/etc/network/interfaces config file and is needed by the scripts in
/etc/network/if-pre-up.d/. when run-parts is called from the command line the
environment is taken from the current process.
Vladimir Oleynik then wrote:
You can simplify this if use:
+ bb_xasprintf(&buf[0], "/etc/network/if-%s.d", opt);
+ buf[1] = NULL;
+
+ run_parts(&buf, 2, environ);
+ free(buf[0]);
--w
vodz
Last patch have synced form Manuel Nova III xxreadtoken() function,
corrected (C) form dash debian/copyright, removed my small mistake
with IFS_BROKEN (thanks by Herbert), and synced cmdedit.c from
current CVS (removed libc5 support, your email correction, my (C) year
corertion).
>I'm sure that no user process use old root now, but when run "umount
>/old_root", it says:
> umount: /old_root: Device or resource busy
>
>I have tried to remount /proc within the new root *after* chroot, but
>get the same result.
>
>
I found the problem, I said that no user process use old root when run
my scripts, but
I'm wrong, actually there is a '3' fd open the file
"/old_root/dev/console". By adding
debug message in init/init.c, I found the problem: when init restart(in
exec_signal()),
before open the new terminal device, there is still a file opened(I
don't know which file it is), so the
terminal device(stdin) get fd '1', and the first dup(0)(stdout) return
'2', the second(stderr) return '3'.
I attach a simple patch to solve this problem.
Denis,
># ./busybox env - echo zzz
>zzz
># ./busybox echo -n zzz
>zzz
># ./busybox env - echo -n zzz
>env: invalid option -- n
>
> obviously, env tried to understand -n as env's option
> instead of blindly passing it to echo...
>
>BusyBox v1.00-pre1 (2003.07.16-07:53+0000) multi-call binary
>
>Usage: env [-iu] [-] [name=value]... [command]
Ah, you found very old problem.
Last patch also have:
- multiple "-u unsetenv" support
- GNU long option support
- save errno after exec failed before bb_perror_msg()
--w
vodz
Hi.
Last patch have new libbb function
vfork_rexec() for can use daemon() to uClinux system.
This patched daemons: syslog, klogd, inetd, crond.
This not tested! I havn`t this systems.
Also. Previous patch for feature request MD5 crypt password for
httpd don`t sended to this mailist on 07/15/03
(mailist have Pytom module problem?).
The previous patch included, and have testing.
--w
vodz
I've found a possible bug in libbb/interface.c, in function
if_readlist_proc(). This function calls get_name(), and passes
as an argument 'name', a buffer of 16 bytes (IFNAMSIZ). The
function get_name(), however, may use more than 16 bytes,
when it is searching for aliases. Even if you don't have an
alias interface, you can run into trouble if the interface
has received more than 99999999 bytes, in which case the
space between the interface name and the rx stats
disappears, as in the /proc/net/dev example below:
wan0.200:264573315 462080 ...
In this case get_name() correctly identifies the interface name
as "wan0.200", but to do that it uses 18 bytes of the 'name'
buffer, which could lead to an unpredictable error.
A simple solution would be to increase the size of the buffer:
Here's a pretty crude patch to reload /etc/inittab when init receives a
SIGHUP. The mailing list archives weren't entirely clear on whether or
not it should already happen, but didn't appear to be.
The patch:
* Adds a new function, reload_signal() which just calls
parse_inittab() and run_actions(RESPAWN)
* Before entering the while (1) loop set up SIGHUP to call
reload_signal()
* Modify new_init_action to skip the action if the same command
already exists on the same terminal
This last bit means that changing already running entries is a bit
hairy as you can end up with, for example, two shells running on the
same virtual console. However, for solely adding/removing entries this patch
seems to work quite well.